Re: per-process namespace?

[Mike Waychison]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ram Pai wrote:
> Is there a way for an application to
> 1. fork its own namespace and modify it, and
> 2. still be able to see changes to the system namespace?
>
> Al Viro's Per-process namespace implementation provides the first
> feature.  But is there any work done to do the second part? Is it worth
> doing?
>
> RP

In what sense?

The current model has no definition for a 'system namespace'.

Accessing /proc/<pid>/mounts where <pid> is running in a different
namespace appears to work.  As well, you can always fchdir back into
another namespace temporarily.  As long as you don't reference any
file/directories using absolute paths (including following symlinks),
then you can already navigate the entire namespace.

This falls apart though when there are no longer any processes keeping
that namespace alive.  When this happens, the vfsmount's are unstitched
and you end up 'stuck' on a given mount :(.

Another caveat is that the current system disallows you from doing any
mount/umount's in another namespace (bogus security?).

- --
Mike Waychison
Sun Microsystems, Inc.
1 (650) 352-5299 voice
1 (416) 202-8336 voice
http://www.sun.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE:  The opinions expressed in this email are held by me,
and may not represent the views of Sun Microsystems, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA4dq9dQs4kOxk3/MRApkaAKCPe0Nw9QBZH425SZeOIvIzSzksUACfQk5D
xLgBDN/dsmVMkAAD73mugiY=
=8OEy
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/